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DETAILED ACTION 

Claims 1 -35 are pending in this application. Claims 1,10-11, 23-24, 28, and 32 are the 
independent claims. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-35 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Traversat et al. (2002/0147810). 

As per claims 1 and 10, Traversat et al. teach 

a method of providing access to a resource for one or more users - paragraphs 71 , 73, 
and 77. 

receiving a request to issue authorization data for a user based on access rights 
associated with the user - pars. 362, 368, and 440. 
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said access rights including an expression identifying the resource by a resource name 
and by at least one property associated with the resource to conditionally define access 
to the resource - pars. 72, 159, 357. 

responsive to the received request, issuing the authorization data - pars. 439-440. 
As per claim 2, Traversat et al. teach 

wherein receiving the request comprises receiving the request from an application 
program - pars. 124, 362, 458. 

and wherein issuing the authorization data comprises issuing the authorization data to 
the application program - pars. 366-368, 372. 

As per claim 3, Traversat et al. teach 

wherein receiving the request comprises receiving the request from a computing device, 
and wherein issuing the authorization data comprises issuing the authorization data to 
the computing device - pars. 88-89, 97, 328. 



As per claim 4, Traversat et al. teach 
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wherein receiving the request and issuing the authorization data occur over a secure 
sockets layer - pars. 418-419, 437. 

As per claim 5, Traversat et al. teach 

wherein receiving the request and issuing the authorization data occur over a network 
such as the Internet - pars. 77-78. 

As per claim 6, Traversat et al. teach 

creating the authorization data in response to the received request - pars. 30, 325, 364. 

As per claim 7, Traversat et al. teach 

encrypting the created authorization data - pars. 78, 94, 139. 

As per claim 8, Traversat et al. teach 

generating a signature based on the created authorization data; and including the 
generated signature and an expiration date with the created authorization data - pars. 
94, 139, 451-453. 
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As per claim 9, Traversat et al. teach 

receiving the authorization data from an application program - pars. 72, 101, 121. 
retrieving validation information from the received authorization data- pars. 422-423, 
441. 

evaluating the retrieved validation information - pars. 162, 439. 

sending a response indicating the validation status of the received authorization 

data responsive to said evaluating the retrieved validation information - pars. 325, 352, 

355. 

As per claims 1 1 and 23, Traversat et al. teach 

a method for validating authorization data to provide access to a resource for 
one or more users - pars. 71 , 73, 77. 

receiving authorization data associated with one of the users, said authorization 
data including an expression identifying a resource by a resource name and by a 
property associated with the resource - pars. 72, 355, 422-425. 

retrieving validation information from the received authorization data; evaluating the 
retrieved validation information to determine a validation status of the received 
authorization data - pars. 162, 206, 439-440. 

sending a response indicating the determined validation status responsive to said 
evaluating the retrieved validation information - pars. 325, 352, 355. 
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As per claim 12, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 

As per claim 13, Traversat et al. teach 

extracting a target scope from the received authorization data, said extracted target 
scope identifying the resource - pars. 71 , 110-112. 

As per claim 14, Traversat et al. teach 

receiving a data packet according to the Simple Object Access Protocol (SOAP), and 
further comprising extracting the authorization data from the received data packet - 
pars. pars. 243, 425, 431-439. 

As per claim 15, Traversat et al. teach 

wherein receiving the authorization data occurs over a secure sockets layer - pars. 418- 
419, 437. 

As per claim 16, Traversat et al. teach 
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wherein receiving the authorization data occurs over a network such as the Internet - 
pars. 77-78. 

As per claim 17, Traversat et al. teach 

decrypting the received authorization data - pars. 139, 441 . 

As per claim 18, Traversat et al. teach 

receiving the authorization data from an application program, and further comprising: 

receiving an identifier from the application program - pars. 72, 101, 121. 

extracting another identifier from the received authorization data - pars. pars. 422-423, 

441. 

comparing the received identifier with the extracted identifier to determine the 
validity of the received authorization data - pars. 162, 439. 

As per claim 19, Traversat et al. teach 

retrieving a signature from the received authorization data - pars. 94, 139, 143. 



As per claim 20, Traversat et al. teach 
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determining that the retrieved signature is invalid, and wherein sending the response 
comprises sending a response indicating the invalidity of the received authorization data 
- pars. 139, 426, claim 12. 

As per claim 21 , Traversat et al. teach 

wherein retrieving the validation information comprises retrieving an expiration date 
from the received authorization data - pars. 451-453. 

and wherein evaluating the retrieved validation information comprises comparing the 
retrieved expiration date to a current time stamp to determine if the received 
authorization data has expired - pars. 439-440. 

As per claim 22, Traversat et al. teach 

wherein the received authorization data has been determined to be expired, and further 
comprising sending a response indicating the invalidity of the received authorization 
data -pars. 152, 451,453. 



As per claim 24, Traversat et al. teach 
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an interface component adapted to receive authorization data, said authorization 
data including an expression identifying a resource by a resource name and by a 
property associated with the resource - pars. 72-74, 78. 

a parser component adapted to retrieve validation information from the received 
authorization data - pars. 30, 121, 219. 

a validation component adapted to evaluate the retrieved validation information - pars. 
162, 439. 

wherein the interface component is further adapted to send a response indicating the 
validation status of the received authorization data responsive to said evaluating the 
retrieved validation information - pars. 81, 101, 323-325. 

As per claim 25, Traversat et al. teach 

wherein the interface component is further adapted to receive a request to issue the 
authorization data for a user based on access rights associated with the user - pars. 
139, 362, 339-340. 

As per claim 26, Traversat et al. teach 

an authorization component adapted to issue the requested authorization data 
responsive to the request received by the interface component - pars. 26, 144, 325. 
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As per claim 27, Traversat et al. teach 

a scope component to evaluate the expression to identify the resource - par. 72. 
As per claim 28, Traversat et al. teach 

a memory area for storing authorization data for use in accessing a resource; said 
authorization data including an expression identifying the resource by a resource name 
and by at least one property associated with the resource - pars. 72, 77-78, 132, 355, 
440. 

validating the authorization data to provide access to the resource - pars. 162, 439. 
As per claim 29, Traversat et al. teach 

issuing the authorization data for a user based on access rights associated with the 
user - pars. 439-440. 

As per claim 30, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 
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As per claim 31 , Traversat et al. teach 

wherein the authorization data comprises a token - pars. 139, 439. 
As per claim 32, Traversat et al. teach 

a header field representing validation information, said validation information 
including a signature and an expiration date -pars. 132, 144, 355. 

a source field representing an identity of the user - pars. 242-246. 

a claim field specifying the resource conditionally, said claim field including an 
expression identifying the resource by a resource name and by at least one of the 
properties - pars. 72, 107, 139, 162. 

As per claim 33, Traversat et al. teach 

wherein the resource name identifies a resource group - pars. 1 13, 1 17, 159, 172. 
As per claim 34, Traversat et al. teach 

a site identifier identifying an application program associated with the user -par. 72. 
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As per claim 35, Traversat et al. teach 

wherein the validation information further includes a site identifier identifying a 
computing device associated with the user - pars. 88-89, 97, 328. 



Conclusion 

After going over the claim sets, Examiner finds that some claims in the claim sets 
1-10 and 11-35 seem more interrelated, thus, claims 1-35 are examined. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to LINH BLACK whose telephone number is 571-272- 
4106. The examiner can normally be reached on Mon.-Thurs.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Don Wong can be reached on 571-272-1834. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

LINH BLACK 
Examiner 
Art Unit 2163 

March 20, 2008 
/don wong/ 

Supervisory Patent Examiner, Art Unit 2163 



